SUSE CVE-2008-1199

Dovecot before 1.0.11, when configured to use mailextragroups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack...

dovecot: insecure mail_extra_groups option

Dovecot before 1.0.11, when configured to use mailextragroups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack...

DEBIAN-CVE-2008-1199

Dovecot before 1.0.11, when configured to use mailextragroups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack...

Dovecot mail_extra_groups setting is often used insecurely

mailextragroups=mail setting is often used insecurely to give Dovecot access to create dotlocks to /var/mail directory. If you don't use mboxes in /var/mail, make sure this setting is cleared. If you do use /var/mail mboxes and Dovecot gives permission errors without it, do one of the following i...